Unplugged but locked down: colleges and universities have worked to boost their wireless might--without causing security risks.While planning its wireless implementation, tech leaders at Dickinson College Dickinson College, at Carlisle, Pa.; coeducational; Methodist; founded 1773 as The Grammar School, chartered and opened as Dickinson College 1783. It was named for John Dickinson. in Carlisle, Pa., hadn't given much thought to security issues until a guest speaker at a college-sponsored conference complimented the college's chief information officer, Robert Renaud, on the excellent wireless service. Baffled, Renaud asked her how she'd managed to get online, considering that Dickinson's system wasn't operational yet. As it turned out, she'd tapped in to something else--wireless service of the local public library, located near the college president's house. In recalling the incident, Renaud laughs, but the implications of having an insecure system, like the library had, didn't strike him as amusing. "The incident reminded me of the need to include security in our wireless network planning," he says. As colleges and universities go from wired to unplugged, staff have found that security risks go along with the transition. IT administrators now have to fret about non-university individuals hopping onto the network for nefarious reasons, and can envision confidential records and student information being grabbed out of midair. Companies, too, are facing wireless security issues, but academic institutions have different kinds of challenges when it comes to locking down, says Greg Murphy Greg Murphy (23 August, 1972) is a New Zealand racing driver. Born in Hastings he become involved in motor sports by the age of eight, progressing through karts to saloons and single-seaters before moving to Australia. Murphy first competed at the Bathurst circuit in 1994. , chief operating officer Chief Operating Officer (COO) The officer of a firm responsible for day-to-day management, usually the president or an executive vice-president. of AirWave Wireless, a firm that secures Wi-Fi systems at institutions of higher ed. Whereas companies can standardize which laptops and desktops are used, as well as set policies and dictate which security patches can be downloaded, university IT departments have to deal with multiple devices and computer brands, rogue access points (1) A wireless access point (AP) installed by an employee without the consent of the IT department. Without the proper security configuration, users have exposed their company's network to the outside world. , and open-ended technology policies. Also challenging is the 24/7 usage, and limited IT resources, Murphy notes. "A campus is like a little city," he says. "The problem is that wireless adds complexity, so trying to tackle all these issues on such a large scale can feel overwhelming. That leads colleges to take different approaches to simplify, using the mix of resources and technology they have on hand." University Business went behind the scenes at several IHEs that make significant use of wireless to find out what they're doing to help keep their networks secure, and how they're policing their "little cities" in the wireless age. EMBARRASSMENT OF TECHNOLOGY RICHES Thanks to the speedy pace of technology, a student or faculty member can now get a laptop or PDA (Personal Digital Assistant) A handheld computer for managing contacts, appointments and tasks. It typically includes a name and address database, calendar, to-do list and note taker, which are the functions in a personal information manager (see PIM). that can access a wireless network. Even some cell phones can tap into network resources. But what seems like a wonderful spectrum of choices at the electronics shop can feel like a headache in the campus IT department. Some colleges have chosen to address the problem with a hands-on approach. At the University of Denver Background and rankings The University was founded in 1864 as Colorado Seminary by John Evans, the former Territorial Governor of Colorado, who had been appointed by US President Abraham Lincoln. , which has wireless throughout its entire campus, IT staff members got increasingly annoyed at the lack of security they saw on students' own machines, especially on those owned by freshmen. Rather than send out e-mail messages about configuration strategies, the university simply requires freshmen to bring in their wireless-enabled devices to IT before they first access the network. "We see every single freshman computer and handheld device," says Marcelo Lew, wireless network specialist for Technology Services. "It's the only way we can make sure everybody has up-to-date patches, a firewall that's turned on, and other security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security ." The tactic takes time, Lew admits, but it has proven to prevent problems for the rest of the year. Also, most students retain the settings throughout their journey from freshman to senior, meaning that one time-consuming check actually saves IT time in the long run. The pace of technology, rather than specific devices, is what's being examined at the University of Tennessee The University of Tennessee (UT), sometimes called the University of Tennessee at Knoxville (UT Knoxville or UTK), is the flagship institution of the statewide land-grant University of Tennessee public university system in the American state of Tennessee. , which implemented wireless four years ago, earlier than many other schools. IT leaders there are trying to create a strategy that can incorporate older laptops into the mix. But it's not easy. "We don't want students with laptops that are a few years old feeling like they have to buy a new computer just to get wireless," says Chief Information Officer Brice Bible. "We've also been looking at how to simplify capability for students, so they don't feel like they have to be a systems administrator just to configure a new machine." The university is currently in the late stages of a major upgrade to its wireless system, Nomad, in which it's placing stronger, voluntary encryption measures that will eventually be mandatory. The tighter security will be achieved by having each student and faculty member download a small piece of software, or client, to their computers; the client will cause every surfing session to be encrypted. In the meantime Adv. 1. in the meantime - during the intervening time; "meanwhile I will not think about the problem"; "meantime he was attentive to his other interests"; "in the meantime the police were notified" meantime, meanwhile , UT's tech staff sometimes has to tweak To make minor adjustments in an electronic system or in a software program in order to improve performance. See calibrate. 1. tweak - To change slightly, usually in reference to a value. Also used synonymously with twiddle. individual devices. For example, university senior Joseph Hubbard had trouble when he first brought a new PocketPC handheld onto campus. It picked up the campus wireless signal, but couldn't access it. After five minutes at the tech support center, the problem was fixed. Overall, this is the kind of simplicity that LIT wants, where students don't have to think about which device they're using to surf or access databases; they can just log on and get going. That makes establishment of wireless security even more vital, since students often take it for granted. "At this point, I don't even think about it," says Hubbard. "I use the PocketPC for everything, and I've never felt insecure about it. I just assume that the tech guys have security handled." GLOBAL WIRELESS VILLAGE At many colleges, the line between a campus's physical boundaries and its actual reach is a blurry one. Even if certain apartment buildings or coffee shops are outside of the school's actual limits, often they're close enough to not only be gathering places for students, but also candidates for wireless access. As Dickinson College discovered, competing wireless access points can be a concern, even as IT works to make sure that students can connect from far-flung dorms. Some schools try to take a relaxed approach when it comes to access points, but not always because they want to. At the University of Arizona (body, education) University of Arizona - The University was founded in 1885 as a Land Grant institution with a three-fold mission of teaching, research and public service. , for instance, researchers tend to buy their own wireless equipment out of grant money, and IT simply has to work around these homemade hotspots. The university has much of the campus unwired, but since its grounds cover 350 acres and it's split in two by a major highway, creating a seamless wireless network is still proving to be a challenge. "Researchers have their own computing needs, so they go off and do their own thing," says Ted Frohling, the university's assistant director of network technology solutions. "For many of them, security seems like a hindrance to getting things done." That's a tough situation for Frohling, who's trying to balance user needs with university policies. Currently, he uses a Virtual Private Network (VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. ) client to route users to appropriate access points that don't conflict with others on or around the campus, but he admits this is a temporary solution. Also, as the wireless network grows, the IT department will likely have to limit the number of access points near the researchers, to prevent interoperability issues. "We're expecting that it will become progressively much easier to control these multiple access points and secure them," says Frohling. "But it's going to take some work-arounds and creative thinking to get there." ALL-ACCESS PASS If devices and computers are properly configured for wireless security, and there's no interference from rogue access points, the next link in the security chain is authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. . Simply put, institutions need a way to find out if students and faculty members ate who they say they are. In doing authentication, colleges have adopted a range of strategies. Some prefer multilevel mul·ti·lev·el adj. Having several levels: a multilevel parking garage. Adj. 1. multilevel - of a building having more than one level access with locks on every tier, while others separate only very sensitive information like medical records or admissions information. Some colleges give users more decision-making power by warning them about safe surfing practices, and then taking a step back. At the University of Dayton The University of Dayton is one of the ten largest Catholic schools in the United States and is the largest of the three Marianist universities in the nation. It is also home to one of the largest campus ministry programs in the world. (Ohio), which has its entire campus on a wireless network, once a student or staff member logs in, the user is free to access most of the network, except for certain protected areas. "We've taken a minimalist approach, and left security up to the individual user as much as we can," says Michael Skelton, associate director of network services at UD. "In the future, we plan to do more with assigning levels and roles, but for right now, this is minimizing confusion." Even if a college has taken a more advanced strategy, it may get a nasty surprise, however. In computer science classes at the Pennsylvania College of Technology Pennsylvania College of Technology, or Penn College, is a small university located in Williamsport, Pennsylvania. Affiliated with The Pennsylvania State University, the school offers more than 100 certificate, associate and baccalaureate degree programs in fields like in Williamsport, students who are learning the nuances of computer security have sent messages to the college's chief technology officer, Jim Cunningham, showing him how they've used the wireless network to capture and decipher the user IDs and passwords of other students. "Obviously, if some students were willing to tell us about their exploits, there are probably some who are doing the same thing and not telling us," he acknowledges. "We need to continue advising everyone not to use the open wireless to transmit their information." For sensitive information, the college does have a more encrypted area, and it uses the open wireless for students and guests who simply want to access the internet. The dual-tier strategy is what allows Cunningham to be amused by his hacker students, since it ensures that confidential data is behind stronger, locked virtual doors. One of the benefits of advanced or multilevel authentication tactics is network monitoring The term network monitoring describes the use of a system that constantly monitors a computer network for slow or failing systems and that notifies the network administrator in case of outages via email, pager or other alarms. , says Tom Zeller, telecommunications technical advisor at Indiana University Indiana University, main campus at Bloomington; state supported; coeducational; chartered 1820 as a seminary, opened 1824. It became a college in 1828 and a university in 1838. The medical center (run jointly with Purdue Univ. , which has the majority of its campus on a wireless network. "We were worried about eavesdropping Secretly gaining unauthorized access to confidential communications. Examples include listening to radio transmissions or using laser interferometers to reconstitute conversations by reflecting laser beams off windows that are vibrating in synchrony to the sound in the room. , and people picking up passwords over wireless links," he says. "Part of addressing that problem is being able to track who's using the network, and when." When IU put its wireless system in place a few years ago, it tackled the issue by routing all of its wireless traffic through a VPN server. But because the number of users got too high, it's now looking for Looking for In the context of general equities, this describing a buy interest in which a dealer is asked to offer stock, often involving a capital commitment. Antithesis of in touch with. a better way to do monitoring. "Every wireless environment, including ours, definitely has room for improvement," he notes. POLICY DECISIONS At corporations, IT is king when it comes to setting policies about wireless. The department can create and enforce mandates about downloading security patches, using company-owned laptops to tap into other networks, and accessing data at multiple levels. But many colleges don't have the ability to craft similar policies for their institutions. Even if they did, some think it's likely that they wouldn't want to anyway. "Many colleges set up minimal policies in terms of wireless network access," says AirWave Wireless's Murphy. "Instead, they focus on setting up different levels of privileges and trying to circumvent policy-making pol·i·cy·mak·ing or pol·i·cy-mak·ing n. High-level development of policy, especially official government policy. adj. Of, relating to, or involving the making of high-level policy: that way." Most likely, institutions feel that students and faculty will flinch with too many rules, Murphy adds. Unlike in the corporate arena, where there are policies for nearly every form of activity and interaction, colleges are usually seen as more collaborative, freedom-loving spaces. "IT types at universities just don't want to be seen as limiting what people do. Also, schools with a huge number of visitors may see policies as tough to enforce," he says. But some colleges are stringent about policies and eager to put controls in place. At the University of Pennsylvania (body, education) University of Pennsylvania - The home of ENIAC and Machiavelli. http://upenn.edu/. Address: Philadelphia, PA, USA. , a representative group of administrators and IT staff members crafted an initial policy in 2004, and then made it available on the web to members of the university community. The policy was approved after comments were incorporated in subsequent versions. The technical implementation of the policy involves the use of authenticating gateways, notes Deke deke tr.v. deked, dek·ing, dekes To deceive (an opponent) in ice hockey by a fake: deked the goalie with a move from left to right. n. Kassabian, senior technology director at UPenn. This gives the university the ability to prevent users from getting on the wireless network until they've been authenticated. Also, it prevents rogue access points by specifically outlining what kind of network jacks can be used. With this policy in place, the university is looking forward to using it for stronger security measures. "We plan to combine this with the ability to disallow To exclude; reject; deny the force or validity of. The term disallow is applied to such things as an insurance company's refusal to pay a claim. access to wireless devices that are, or are at serious risk to be, compromised," says Kassabian. "Having already identified the user, we can notify them and advise them on how to get their wireless laptop or handheld patched and ready to access the network." ROAD AHEAD Even as security takes a more prominent role in university wireless implementations, many believe that there's still a long way to go until authentication, access, and policies reach the level at which they need to be. "Are universities doing a good job with wireless security?" asks Vinnie Gupta, market development manager at Sun Microsystems Sun Microsystems, Inc. (NASDAQ: JAVA[3]) is an American vendor of computers, computer components, computer software, and information-technology services, founded on 24 February 1982. . "Unfortunately, the answer is no. Overall, I'd say they're struggling. But the good news is that they recognize that this is a problem area." A major issue is that hackers are continually trying to crack into college and university databanks wirelessly, notes Gupta. Since IT has to deal with many tasks, and the hackers are single-minded, the situation ends up being a case of a very small cat attempting to stop a city-size rat. Still, many university IT managers feel up to the task. They recognize the panoply pan·o·ply n. pl. pan·o·plies 1. A splendid or striking array: a panoply of colorful flags. See Synonyms at display. 2. of issues with wireless security, but they feel that their universities are moving closer to having systems that are secure and reliable. "We see some exciting developments in wireless technology coming along," says University of Pennsylvania's Kassabian. "In particular, standards for still higher bandwidth and for scalable data encryption data encryption, the process of scrambling stored or transmitted information so that it is unintelligible until it is unscrambled by the intended recipient. Historically, data encryption has been used primarily to protect diplomatic and military secrets from foreign seem to be coming along nicely. We're watching these spaces closely." As technologies evolve, IHEs are hopeful about providing plenty of bandwidth to students, faculty members, and guests, without having to warn them about security issues, making their "little cities" safe and sound. DIY DIY abbr. do-it-yourself DIY or d.i.y. Brit, Austral & NZ do-it-yourself DIY abbr DIY do it yourself a DIY shop/job. THROUGH IT In putting wireless controls in place, some institutions like to give the power to the people. Rather than funneling all responsibility for authentication and access through campus IT, they have empowered users to maintain security. At the University of Tennessee, IT has created a series of 90-second streaming videos that detail security issues and quick reminders about tactics like software patching, appropriate e-mail use, and password strategies. Because they're usually short, and humorous--having school sports captains make jokes about jocks, for example--they've been wildly popular on campus. Brice Bible, the school's chief information officer, reports that most students have seen at least one of the videos, and that the department is working on several others to help students maintain wireless and wired security practices. STANDARD PRACTICE One issue affecting the security of wireless networks, both in academic institutions as well as corporate environments, is the passage of wireless standards. Currently, many colleges are implementing 802.1x, a standard developed by the Institute of Electrical and Electronics Engineers Not to be confused with the Institution of Electrical Engineers (IEE). The Institute of Electrical and Electronics Engineers or IEEE (pronounced as eye-triple-e (known as IEEE (Institute of Electrical and Electronics Engineers, New York, www.ieee.org) A membership organization that includes engineers, scientists and students in electronics and allied fields. ) that provides authentication for wireless LANs. Another new standard is WPA WPA: see Work Projects Administration. WPA in full Works Progress Administration later (1939–43) Work Projects Administration U.S. work program for the unemployed. , or Wi-Fi Protected Access (networking, security) Wi-Fi Protected Access - (WPA) A security scheme for wireless networks, developed by the networking industry in response to the shortcomings of Wired Equivalent Privacy (WEP). . Designed to replace a more breakable encryption standard, WEP (Wired Equivalent Privacy) An IEEE standard security protocol for wireless 802.11 networks. Introduced in 1997, WEP was found to be very inadequate and was superseded by WPA, WPA2 and 802.11i. , the access standard promises improved data encryption and user authentication See authentication. . "Clearly, the industry needs to solve the wireless security dilemma In international relations, the security dilemma refers to a situation wherein two or more states are drawn into conflict, possibly even war, over security concerns, even though none of the states actually desire conflict. ," says aim Cunningham, chief technology officer for the Pennsylvania College of Technology. "In order for people to use it, it must be very easy or even self-configuring, otherwise they simply won't bother." The reason that standards should be implemented: When a user roams from one network to another, wireless security protocols change unless a common standard is in place. Elizabeth Millard is a freelance writer based in Saint Louis Park Saint Louis Park, city (1990 pop. 43,787), Hennepin co., SE Minn., a suburb of Minneapolis; settled 1854, inc. 1886. There is printing and publishing, machining, food processing, and the manufacture of rubber products and furniture. , Minn., who specializes in covering technology. |
|
Printer friendly
Cite/link
Email
Feedback
Reader Opinion